FIG. 16 is a diagram for illustrating an electronic transaction system and its operation. The electronic transaction system shown in FIG. 16 comprises, for example, an electronic shop server 100 which opens an electronic shop site (hereinafter referred simply as an electronic shop) on the Internet (WWW: World Wide Wed), and operates and manages it, a portable terminal 300 accessible to the electronic shop site (the electronic shop server 100) via a carrier server 200 disposed in a mobile terminal network (a mobile carrier network), and a settlement server 400 disposed in a settlement institution which contracts settlement of payment for an article or the like (commercial transaction payment) that a user (a buyer) has purchased using the portable terminal 300 at the electronic shop.
Each of the terminal 300, and the servers 100, 200 and 400 has a communication function using an encryption communication protocol such as TLS (Transport Layer Security), SSL (Secure Socket Layer) or the like, whereby security such as concealment of authentication or data (prevention of leakage), prevention of tampering and the like is ensured between the portable terminal (hereinafter referred simply as a terminal) 300 and the carrier server 200, the carrier server 200 and the electronic shop server 100, and the electronic shop server 100 and the settlement server 400.
Concretely, in the above TLS or SSL, negotiations [issuing an electronic ID for server authentication, deciding a user private key (encryption method) to encrypt data, adding a MAC (Message Authentication Code) to a transmission message to prevent data from being tampered] called “handshake protocol” are carried out between the terminal 300 and the server 200 or the server 200 (100) and the server 100 (400) in prior to the encryption communication, whereby the above security is ensured.
Namely, issuing an electronic ID allows confirmation that the server 100, 200 or 400 is a valid server authenticated by a CA (Certificate Authority), encrypting/decrypting data with a user private key can prevent the data from leaking, and verification with an MAC helps to find data tampering.
After the security of a communication path 600 between, for example, the terminal 300 and the electronic shop server 100 is ensured as above, the user of the terminal 300 sends personal information such as a credit card number, a password or the like from the terminal 300 to the electronic shop 100 to request the electronic shop to settle payment in the commercial transaction (refer to a reference character 700).
The electronic shop server 100 sends the commercial transaction payment and the personal information as settlement information together with own electronic ID 500 to the settlement server 400 over a communication path 800 where security is ensured between the electronic shop server 100 and the settlement server 400 by conducting negotiations similar to the above. The settlement server 400 confirms that the electronic ID 500 received from the electronic shop server 100 is valid, then settles the commercial transaction payment on the basis of the received settlement information.
In the known electronic transaction system, the personal information (a credit card number, a password, etc.) sent from the terminal 300 is decrypted into text data in the electronic shop server 100 in order to confirm contents of the commercial transaction and contents of the order from the terminal 300 in the electronic shop server 100, as schematically shown in FIG. 17. If a hacker or the like intrudes (has an unauthorized access) into the electronic shop server 100, there is a possibility that the credit card number, the password or the like of the user easily leaks.
There is another possibility that when the user inputs his/her credit card number or password into the terminal 300, a third party steals a glance at the user's operation and abuses them.
In the light of the above problems, an object of the present invention is to allow an easy, safe settlement in an electronic transaction by using an electronic coupon having pecuniary value information and owner information not related to information about a credit card number, a password, or the like.